Privacy policy

At Medical 24 Ltd (“Medical 24”) we are committed to ensuring the privacy of data we receive. This is for our candidates, clients and those who use our website. We will endeavour to make sure that the information you submit to use is only processed for reasons outlined in this Privacy Notice.

The General Data Protection Regulations (GDPR) (Regulation (EU) 2016/1679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. The government intends for the GDPR to continue in UK law post “Brexit” and has also introduced a Data Protection Bill to replace the current Data Protection Act.

Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Who we are and what we do

Medical 24 Ltd are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Business Regulations 2003. We provide additional services of training and consultancy on occasion. We collect the personal data of the following types of people to allow us to undertake our business:

Prospective and placed candidates for permanent, temporary or contract roles

Prospective and live client contacts

Supplier contacts to support our services

Employees, consultants and temporary workers

Who controls your data

The data controller is Medical 24 Ltd, a company registered in the UK at Hygeia Building, 66-68 College Road, Harrow, Middlesex, HA1 1BE (registered company number 08705888). Our data protection officer is Christopher Coyle and our nominated representative is Anna Cooper / data@medical24.co.uk / 07718658386. Medical 24 Ltd are registered with the Information Commissioner’s Office (ICO) under certificate number ZA071555.

Information we collect

About you: This is information about you that you give us by filling in application forms, through emails or telephone correspondence, by registering online, entering our database, entering a competition or reporting a problem with our site.

The information may include the below. Please note this list is not exhaustive and may be changed:

Name and address

Email address and telephone number

Financial information

Right to work information and proof of National Insurance

Date of birth and emergency contact details

Job history and qualifications

Health records and DBS (where applicable)

Via our website: This is information that is automatically collected each time you visit our website

This information may include the below. Please note this list is not exhaustive and may be changed:

The Internet Protocol (IP) address used to connect your computer to the internet

Log in information if applicable

Browser type and version (browser plug in types and versions)

Operating system and platform

Full Uniform Resource Locators (URL)

Clickstream to, through and from our site including date and time

Products viewed or searched for

Page response times and download errors

Lengths of visits

Page interaction information

Methods used to browse away from the page

Telephone number used to call us

Via Cookies: Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. Medical 24 Ltd use the following cookies:

Analytics

_ga

_gid

_gat

_gat_ccd

AMP_Token

These cookies are used to collect information about how visitors use our website. This is used to generate reports to help understand which pages of our website are popular and effective, and which areas could use improvement.

Functionality

ccd_lang

medical24

ccd_toast

PageSpeedFilters

cookies_opted_out

cookies_ack

These cookies are set by the system running the website. They are strictly necessary for the correct functioning of the site.

From other sources: This is information about you that we obtain from other sources. If we obtain data from these sources we will send you this Privacy Notice within 30 days of collecting your data so that you are aware that we have your data. We will also inform you of the source that the data originates from and the reason why we intend to keep your data.

Other sources that we may get your data from are listed below. Please note this list is not exhaustive and may be changed:

You i.e. emailing your CV directly to us

Online job boards

A referral from another candidate

The public domain

Social media i.e. LinkedIn

Conversations on the telephone

Processing your data

This is how we will use your data once we have obtained it. The below list is not exhaustive and may be changed:

Collecting and storing your data in both electronic and paper forms

Using your data to contact you about prospective roles and to send to clients when you have accepted a job

Using your data to administer payroll

Assessing and reviewing your data to ensure it is suitable for job roles

Altering your data when we are informed that it needs changing

Erasing your data when requested – please note we are legally required to hold certain information (see the section on retention of data)

Retaining records of our dealings with candidates and clients

To provide information to regulatory authorities and statutory bodies along with our legal providers and insurers where necessary

Sending information to third parties where we have/intend to enter in to recruitment relevant arrangements

Purposes of processing your data

There are many purposes for why we need to process the data that is held about you. Our legal base for processing personal data is our legitimate business interests which will be described in more detail below but we will also rely on contract, legal obligations and consent for specific uses of data.

Our Legitimate Business Interests

As a recruitment agency we introduce candidates to clients for temporary employment. Permanent employment or independent professional contracts. The exchange of personal data of our client contacts and candidates is essential and is a fundamental part of this process. In order to support our candidates career aspirations and our clients resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.

To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts. In order for our business to help candidates progress in their career we need to keep personal data to ensure they are qualified for the role. We need to keep financial information of a candidate to ensure they are paid correctly and we need personal information to add people to our database and to be able to contact both candidates and clients regarding our recruitment arrangements.

Entering into a Contract

If we are negotiating, or have entered into a placement agreement with you or your organisation, or if we have any other contract to provide services to you or receive services from you or your organisation, we will process our data on the basis that the processing is necessary for the performance of the contract.

Compliance with Legal Obligations

We are legally obliged to retain certain information of yours to fulfil statutory requirements. This includes the Conduct of Employment Agencies and Employment Business Regulations 2003, which require us to (amongst other things):

Verify your identity

Assess your suitability for an external job role

Maintain records for specific periods

Consent

We may need to process your data under circumstances where we are relying on your consent to process it. Consent can be taken orally, by email or via an online process and your consent response will be recorded on our system to enable us to ensure our records are accurate.

You may withdraw your consent to our processing of your personal information at any stage. You can do this by emailing data@medical24.co.uk or by writing to us at Data Protection Team, Medical 24, Hygeia Building, 66-68 College Road, Harrow, Middlesex HA1 1BE. You can also complete the form on our website and submit it to us. Please note that if consent is withdrawn we may continue to retain your personal information where we have a legal or contractual obligation do to so, or if we need to retains data to abide by statutory retention periods.

Sensitive Personal Data (SPD)

Sensitive personal data is completely personal to you and can include things such as your race and ethnicity, health data, political and religious views and sexual orientation. We request that you do not provide us with any sensitive personal data unless it is necessary. For example we may need to ask you for some health data to ensure you are suitable for a specific role i.e. if the role involves heavy lifting we would ask for health data to ensure you are able to lift the objects.

If we are provided with sensitive personal data we will only process it for particular purposes including the below:

We have explicit consent to do so

For assessing your suitability for roles or working capacity

Where processing is necessary for the purpose of obligations or rights under employment, social security or social protection law

To maintain records of our dealings to address any later disputer or to exercise or defend any legal claims

Retention of data

If we engage you to work, either as a direct employee or as a temporary worker via a client we understand our legal duty to retain accurate data and only retain personal data for as long as is required for statutory purposes, our legitimate interests and that you are happy for us to do so. In most circumstances your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you. The following sets out the lengths of time we are required by law to retain your data or certain elements of your data:

For 12 months from the date we last provided our recruitment services to you for the purposes of providing evidence of the recruitment services we provided to you (Regulation 29 of the Conduct of Employment Agencies and Employment Businesses Regulations 2003).

For 2 years from the end of your last period of engagement of employment for the purposes of providing evidence that right to work checks were carried out under The Immigration (Restrictions of Employment) Order 2007.

For 3 years from the end of the relevant year for the purposes of any parental/adoption leave records or statutory maternity or paternity pay (The Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended).

For 6 years from the end of each tax year for the purposes of retaining payroll records under the Income Tax (Employment and Pensions) Act 2003.

For 6 years from the end of each tax year for the purposes of keeping VAT records for any VAT registered limited company contractors

For 3 years for accident books and accident records and reports under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) and Limitation Act 1980.

For 6 years for wage and salary records including bonuses, overtime and expenses under the Taxes Management Act 1970.

For 2 years from the date on which they were made for records relating to Working Time under The Working Time Regulations 1998 (SI1998/1833).

We have a form on our website (www.medical24.co.uk) on which you can submit a request to rectify any data or action any of your rights (please see the section below “Your Rights”).

We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal information includes:

The nature of the personal data

Its perceived accuracy

Our legal obligation

Whether an interview or placement has been arranged

Our recruitment expertise and knowledge of the industry by country, sector and job role

We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) System. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database unless requested to do so. For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers or pseudonyms.

Other uses of your data

Other uses of your data may include use of our website, to notify you about changes to our service and to ensure that content from our site is presented in the most effective manner for you and for your computer. We will use this information for the below reasons. Please note this list is not exhaustive and may be changed:

To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

To improve our site to ensure that content is presented in the most effective manner for you and for your computer.

To allow you to participate in interactive features of our service when you choose to do so.

As part of our efforts to keep our site safe and secure.

To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.

To make suggestions and recommendations to you and other users of our site about goods or services and may interest you or them.

We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.

Disclosure of your information

We will share your personal information with a selection of people in order to maintain the running of our recruitment business. We may share your personal information with any member of our group of companies. Our Group means our subsidiaries, our ultimate holding company and its subsidiaries, our associated companies as defined in Section 1159 of the UK Companies Act (2006).

We may also share your personal data with selected third parties including those listed below. Please note this list is not exhaustive and may be paid.

Clients – for the purpose of introducing candidates to them

Candidates – for the purpose of arranging interviews and engagements

Clients, business partners, suppliers and sub-contractors – for the performance and compliance obligations of any contract we enter with them or you

Analytics and search engine providers – to assist us in the improvement of our site

Credit reference agencies, our insurance broker, compliance partner and other sub-contractors – to help assess your suitability for a role where this is a condition of us entering in to a contract with you

There are certain times and reasons why we would disclose your personal information to a selected third party as per the below list. Please note this list is not exhaustive and may change.

In the event that we buy or sell any business assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets

If Medical 24 Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets

If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property or safety of Medical 24 Ltd, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

As with the company directly, there are lawful bases for third party processing of your personal data and these will include:

Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs

Satisfaction of their contractual obligations to us as our data processor

For the purpose of a contract in place or in contemplation

To fulfil their legal obligations

Storing your data

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted (using SSL technology). Where you have chosen (or where we have given you) a password which enables you to access certain parts of our site you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Medical 24 Ltd will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your rights

The GDPR provides you with a number of rights. These are listed below:

The right to request correction – of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. We will change these details within 30 days of your request.

The right to request erasure – of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing. Please note we will still need to keep certain information when we have a statutory reason to do so (please see the section above “Retaining Your Data”). Any information that we can erase will be done so within 30 days.

The right to object to processing – of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

The right to restrict processing – of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

The right to request transfer – of your personal information to another party in certain formats, if practicable. If you request this will we transfer the data as soon as is reasonably possible.

The right not to be the subject of automated decision making including “profiling”.

The right to access – The Data Protection Act 1998 and the GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. Your rights of access can be exercised in accordance by submitting a subject access request to data@medical24.co.uk. We will acknowledge your request as soon as we can and we will send you your information within 30 days unless the request is excessive.

Any changes we make to this privacy notice will be updated on our website so please check back frequently to see if there have been any updates or changes made.